1. Sept. 2008
Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs)
Submission Title: [Add the Authentication to Enhance the Security on MAC layer]
Date Submitted: [10th Aug, 2008]
Source: [Pei Liu, Paul Dixon, Liang Li, X.D Zhang, Z.F Zhao] Company [ Hisilicon, Huawei, Vinno, CESI]
Address [Beijing, P.R.China]
Voice:[ ], FAX: [ ],
Abstract: []
Purpose: [Discussion]
Notice: This document has been prepared to assist the IEEE P It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
Release: The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P
Pei L, Liang, Paul

2. Combination of Definition with CWPAN Modification
Sept. 2008
Combination of Definition with CWPAN Modification
Combine the Definitions in 15.4E to the MAC modification in CWPAN.
The Definition is in the black part.
The MAC modification in CWAN is added in red part 
Slide 2
Pei L, Liang, Paul

3. Sept. 2008
Motivation
Currently only the frame encryption and message integrity check are provided in the IEEE
May Introduction the necessary authentication steps to enhance the WPAN security.
Pei L, Liang, Paul

4. Current Problem
Sept. 2008
In the present association procedure, authentication of device being access to the network is absent.
It may seriously threatens the security of the network.
It is not difficult to add the authentication in the present association procedure
Pei L, Liang, Paul

5. Message Sequence Chart for Current Association Process
Sept. 2008
Message Sequence Chart for Current Association Process
Pei L, Liang, Paul

6. Suggest one Easy Solution
Sept. 2008
Suggest one Easy Solution
Add one flexible scheme to permit the identification and authentication of the device prior to the current association process, such as the right picture.
The detail steps are described in the next page.
Pei L, Liang, Paul

7. Detail Steps
Sept. 2008
The device tracks the beacon of the coordinator, in the non-beacon networks, the device may go the next direct.
The device sends the authentication request
The coordinator evaluates whether or not to accept the authentication request
The coordinator sends the authentication response
If the authentication request is accepted, the device sends the association request
The coordinator evaluates whether the current resources available on the PAN are sufficient to allow another device to associate
The coordinator sends the association response
Complete the association process or reject the association request
Pei L, Liang, Paul

8. One Authentication Step is Added
Sept. 2008
One Authentication Step is Added
Pei L, Liang, Paul

9. Limited Modification to Add the Authentication
Sept. 2008
Limited Modification to Add the Authentication
To implement the authentication mechanism
Some authentication suites should be added.
Authentication request primitives should be defined
Command to initiate the authentication process and select a authentication suite would be defined
Pei L, Liang, Paul

10. Conclusion
Sept. 2008
One authentication process may be independent of the present association
This authentication process may be mandatory or option step in the new MAC.
It adds the security on the MAC layer and provides the flexibility on the application security requirement.
It is easy to be compatible with the current standard
Pei L, Liang, Paul